@@ -4659,6 +4659,9 @@ enum skb_ext_id {
#endif
#if IS_ENABLED(CONFIG_MCTP_FLOWS)
SKB_EXT_MCTP,
+#endif
+#if IS_ENABLED(CONFIG_INET_PSP)
+ SKB_EXT_PSP,
#endif
SKB_EXT_NUM, /* must be last */
};
@@ -551,6 +551,9 @@ struct tcp_timewait_sock {
#ifdef CONFIG_TCP_AO
struct tcp_ao_info __rcu *ao_info;
#endif
+#if IS_ENABLED(CONFIG_INET_PSP)
+ struct psp_assoc __rcu *psp_assoc;
+#endif
};
static inline struct tcp_timewait_sock *tcp_twsk(const struct sock *sk)
@@ -5,10 +5,15 @@
#include <net/psp/types.h>
+struct tcp_timewait_sock;
+
/* Driver-facing API */
struct psp_dev *
psp_dev_create(struct net_device *netdev, struct psp_dev_ops *psd_ops,
struct psp_dev_caps *psd_caps, void *priv_ptr);
void psp_dev_unregister(struct psp_dev *psd);
+static inline void psp_sk_assoc_free(struct sock *sk) { }
+static inline void psp_twsk_assoc_free(struct tcp_timewait_sock *tw) { }
+
#endif /* __NET_PSP_HELPERS_H */
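Review bot: `psp_sk_assoc_free()` and `psp_twsk_assoc_free()` are added as unconditional empty inlines, so the three socket teardown paths and `tcp_twsk_destructor()` now call a no-op and nothing releases a `psp_assoc` if one is ever attached. If the real implementation arrives in a later patch of the series, a comment above the stubs should say so, e.g. `/* Placeholders: replaced by the real release helpers once PSP associations can be attached to sockets */`. The stubs are also not wrapped in `#if IS_ENABLED(CONFIG_INET_PSP)` like the fields they are meant to release, so the eventual real version will need a matching `#else` no-op branch. `struct sock` is used here without a forward declaration beside the new `struct tcp_timewait_sock;`; presumably it comes in through `<net/psp/types.h>`, but that is not visible in this hunk.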
@@ -86,6 +86,13 @@ struct psp_dev_caps {
#define PSP_V1_KEY 32
#define PSP_MAX_KEY 32
+struct psp_skb_ext {
+ __be32 spi;
+ /* generation and version are 8b but we don't want holes */
+ u16 generation;
+ u16 version;
+};
+
/**
* struct psp_dev_ops - netdev driver facing PSP callbacks
*/
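Review bot: `struct psp_skb_ext` has no kernel-doc, and its only comment explains the padding choice rather than what the fields mean. The commit message says this extension carries PSP information from drivers to the socket layer, so a `/** struct psp_skb_ext - ... */` block should say that `spi` is kept in network byte order, that `generation` and `version` hold 8-bit values widened to `u16`, and that the driver fills in all three. If the intended use is for the socket layer to compare these values against the socket's own association before treating a packet as PSP-protected, the comment should state that too; the consumer is not part of this patch.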
@@ -249,6 +249,7 @@ struct sk_filter;
* @sk_dst_cache: destination cache
* @sk_dst_pending_confirm: need to confirm neighbour
* @sk_policy: flow policy
+ * @psp_assoc: PSP association, if socket is PSP-secured
* @sk_receive_queue: incoming packets
* @sk_wmem_alloc: transmit queue bytes committed
* @sk_tsq_flags: TCP Small Queues flags
@@ -436,6 +437,9 @@ struct sock {
struct mem_cgroup *sk_memcg;
#ifdef CONFIG_XFRM
struct xfrm_policy __rcu *sk_policy[2];
+#endif
+#if IS_ENABLED(CONFIG_INET_PSP)
+ struct psp_assoc __rcu *psp_assoc;
#endif
__cacheline_group_end(sock_read_rxtx);
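Review bot: The new `psp_assoc` pointer in `struct sock` is released in `sk_common_release()`, `inet_csk_destroy_sock()` and `__mptcp_destroy_sock()`, but nothing in this patch covers the paths that copy a `struct sock`. If socket cloning copies the parent's fields wholesale, the child would hold the same `__rcu` pointer without its own reference, and both sockets would later pass it to `psp_sk_assoc_free()`. The same question applies to how `tcp_timewait_sock.psp_assoc` gets its reference when a socket enters TIME_WAIT. Neither path is visible in this diff, so a later patch in the series may handle them. A short comment at the field stating who owns the reference and where it is taken, e.g. `/* owned reference; cleared or re-referenced on clone */`, would let those later patches be checked against it.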
@@ -77,6 +77,7 @@
#include <net/mptcp.h>
#include <net/mctp.h>
#include <net/page_pool/helpers.h>
+#include <net/psp/types.h>
#include <net/dropreason.h>
#include <linux/uaccess.h>
@@ -4957,6 +4958,9 @@ static const u8 skb_ext_type_len[] = {
#if IS_ENABLED(CONFIG_MCTP_FLOWS)
[SKB_EXT_MCTP] = SKB_EXT_CHUNKSIZEOF(struct mctp_flow),
#endif
+#if IS_ENABLED(CONFIG_INET_PSP)
+ [SKB_EXT_PSP] = SKB_EXT_CHUNKSIZEOF(struct psp_skb_ext),
+#endif
};
static __always_inline unsigned int skb_ext_total_length(void)
@@ -142,6 +142,7 @@
#include <trace/events/sock.h>
#include <net/tcp.h>
+#include <net/psp.h>
#include <net/busy_poll.h>
#include <net/phonet/phonet.h>
@@ -3757,6 +3758,7 @@ void sk_common_release(struct sock *sk)
sock_orphan(sk);
xfrm_sk_free_policy(sk);
+ psp_sk_assoc_free(sk);
sock_put(sk);
}
@@ -21,6 +21,7 @@
#include <net/xfrm.h>
#include <net/tcp.h>
#include <net/sock_reuseport.h>
+#include <net/psp.h>
#include <net/addrconf.h>
#if IS_ENABLED(CONFIG_IPV6)
@@ -1226,6 +1227,7 @@ void inet_csk_destroy_sock(struct sock *sk)
sk_stream_kill_queues(sk);
xfrm_sk_free_policy(sk);
+ psp_sk_assoc_free(sk);
this_cpu_dec(*sk->sk_prot->orphan_count);
@@ -23,6 +23,7 @@
#include <net/xfrm.h>
#include <net/busy_poll.h>
#include <net/rstreason.h>
+#include <net/psp.h>
static bool tcp_in_window(u32 seq, u32 end_seq, u32 s_win, u32 e_win)
{
@@ -377,15 +378,16 @@ static void tcp_md5_twsk_free_rcu(struct rcu_head *head)
void tcp_twsk_destructor(struct sock *sk)
{
+ struct tcp_timewait_sock *twsk = tcp_twsk(sk);
+
#ifdef CONFIG_TCP_MD5SIG
if (static_branch_unlikely(&tcp_md5_needed.key)) {
- struct tcp_timewait_sock *twsk = tcp_twsk(sk);
-
if (twsk->tw_md5_key)
call_rcu(&twsk->tw_md5_key->rcu, tcp_md5_twsk_free_rcu);
}
#endif
tcp_ao_destroy_sock(sk, true);
+ psp_twsk_assoc_free(twsk);
}
EXPORT_SYMBOL_GPL(tcp_twsk_destructor);
@@ -23,6 +23,7 @@
#include <net/hotdata.h>
#include <net/xfrm.h>
#include <asm/ioctls.h>
+#include <net/psp.h>
#include "protocol.h"
#include "mib.h"
@@ -3010,6 +3011,7 @@ static void __mptcp_destroy_sock(struct sock *sk)
WARN_ON_ONCE(msk->rmem_released);
sk_stream_kill_queues(sk);
xfrm_sk_free_policy(sk);
+ psp_sk_assoc_free(sk);
sock_put(sk);
}
Add pointers to psp data structures to core networking structs, and an SKB extension to carry the PSP information from the drivers to the socket layer. Signed-off-by: Jakub Kicinski <kuba@kernel.org> --- Split out to a separate patch for ease of review, I will squash if that's not helpful. --- include/linux/skbuff.h | 3 +++ include/linux/tcp.h | 3 +++ include/net/psp/functions.h | 5 +++++ include/net/psp/types.h | 7 +++++++ include/net/sock.h | 4 ++++ net/core/skbuff.c | 4 ++++ net/core/sock.c | 2 ++ net/ipv4/inet_connection_sock.c | 2 ++ net/ipv4/tcp_minisocks.c | 6 ++++-- net/mptcp/protocol.c | 2 ++ 10 files changed, 36 insertions(+), 2 deletions(-)